diff --git a/Kernel/Process.h b/Kernel/Process.h
index cca2ddb634..2259e11434 100644
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@@ -124,6 +124,10 @@ class Process
         gid_t sgid { 0 };
         Vector<gid_t> extra_gids;
         bool dumpable { false };
+        bool has_promises { false };
+        u32 promises { 0 };
+        bool has_execpromises { false };
+        u32 execpromises { 0 };
     };
 
     // Helper class to temporarily unprotect a process's protected data so you can write to it.
@@ -441,14 +445,8 @@ public:
     Custody& root_directory_relative_to_global_root();
     void set_root_directory(const Custody&);
 
-    bool has_promises() const
-    {
-        return m_has_promises;
-    }
-    bool has_promised(Pledge pledge) const
-    {
-        return m_promises & (1u << (u32)pledge);
-    }
+    bool has_promises() const { return protected_data().has_promises; }
+    bool has_promised(Pledge pledge) const { return protected_data().promises & (1u << (u32)pledge); }
 
     VeilState veil_state() const
     {
@@ -600,11 +598,6 @@ private:
 
     RefPtr<Timer> m_alarm_timer;
 
-    bool m_has_promises { false };
-    u32 m_promises { 0 };
-    bool m_has_execpromises { false };
-    u32 m_execpromises { 0 };
-
     VeilState m_veil_state { VeilState::None };
     UnveilNode m_unveiled_paths { "/", { .full_path = "/", .unveil_inherited_from_root = true } };
 
diff --git a/Kernel/Syscalls/execve.cpp b/Kernel/Syscalls/execve.cpp
index 5aa2e8686e..ecdb12731f 100644
--- a/Kernel/Syscalls/execve.cpp
+++ b/Kernel/Syscalls/execve.cpp
@@ -536,12 +536,6 @@ KResult Process::do_exec(NonnullRefPtr<FileDescription> main_program_description
     m_arguments = arguments;
     m_environment = environment;
 
-    m_promises = m_execpromises;
-    m_has_promises = m_has_execpromises;
-
-    m_execpromises = 0;
-    m_has_execpromises = false;
-
     m_veil_state = VeilState::None;
     m_unveiled_paths.clear();
 
@@ -603,8 +597,18 @@ KResult Process::do_exec(NonnullRefPtr<FileDescription> main_program_description
     m_name = parts.take_last();
     new_main_thread->set_name(m_name);
 
-    // FIXME: PID/TID ISSUE
-    MutableProtectedData(*this)->pid = new_main_thread->tid().value();
+    {
+        MutableProtectedData protected_data { *this };
+        protected_data->promises = protected_data->execpromises;
+        protected_data->has_promises = protected_data->has_execpromises;
+
+        protected_data->execpromises = 0;
+        protected_data->has_execpromises = false;
+
+        // FIXME: PID/TID ISSUE
+        protected_data->pid = new_main_thread->tid().value();
+    }
+
     auto tsr_result = new_main_thread->make_thread_specific_region({});
     if (tsr_result.is_error()) {
         // FIXME: We cannot fail this late. Refactor this so the allocation happens before we commit to the new executable.
diff --git a/Kernel/Syscalls/fork.cpp b/Kernel/Syscalls/fork.cpp
index 26d9bd96ee..1ce770875d 100644
--- a/Kernel/Syscalls/fork.cpp
+++ b/Kernel/Syscalls/fork.cpp
@@ -41,10 +41,6 @@ KResultOr<pid_t> Process::sys$fork(RegisterState& regs)
         return ENOMEM;
     child->m_root_directory = m_root_directory;
     child->m_root_directory_relative_to_global_root = m_root_directory_relative_to_global_root;
-    child->m_promises = m_promises;
-    child->m_execpromises = m_execpromises;
-    child->m_has_promises = m_has_promises;
-    child->m_has_execpromises = m_has_execpromises;
     child->m_veil_state = m_veil_state;
     child->m_unveiled_paths = m_unveiled_paths.deep_copy();
     child->m_fds = m_fds;
@@ -54,6 +50,10 @@ KResultOr<pid_t> Process::sys$fork(RegisterState& regs)
 
     {
         MutableProtectedData child_data { *child };
+        child_data->promises = protected_data().promises;
+        child_data->execpromises = protected_data().execpromises;
+        child_data->has_promises = protected_data().has_promises;
+        child_data->has_execpromises = protected_data().has_execpromises;
         child_data->sid = this->sid();
         child_data->extra_gids = this->extra_gids();
     }
diff --git a/Kernel/Syscalls/pledge.cpp b/Kernel/Syscalls/pledge.cpp
index 2d1676ab5a..024fe17f45 100644
--- a/Kernel/Syscalls/pledge.cpp
+++ b/Kernel/Syscalls/pledge.cpp
@@ -67,24 +67,27 @@ KResultOr<int> Process::sys$pledge(Userspace<const Syscall::SC_pledge_params*> u
         return true;
     };
 
+    MutableProtectedData mutable_protected_data { *this };
+
     if (!promises.is_null()) {
         u32 new_promises = 0;
         if (!parse_pledge(promises, new_promises))
             return EINVAL;
-        if (m_promises && (!new_promises || new_promises & ~m_promises))
+        if (protected_data().promises && (!new_promises || new_promises & ~protected_data().promises))
             return EPERM;
-        m_has_promises = true;
-        m_promises = new_promises;
+
+        mutable_protected_data->has_promises = true;
+        mutable_protected_data->promises = new_promises;
     }
 
     if (!execpromises.is_null()) {
         u32 new_execpromises = 0;
         if (!parse_pledge(execpromises, new_execpromises))
             return EINVAL;
-        if (m_execpromises && (!new_execpromises || new_execpromises & ~m_execpromises))
+        if (protected_data().execpromises && (!new_execpromises || new_execpromises & ~protected_data().execpromises))
             return EPERM;
-        m_has_execpromises = true;
-        m_execpromises = new_execpromises;
+        mutable_protected_data->has_execpromises = true;
+        mutable_protected_data->execpromises = new_execpromises;
     }
 
     return 0;